I need help to migrate iPlanet LDAP Server4.1 users to Sun One Directory Server5.2. I not able to get any help in this regard. Tried export/Import using command and LDAP browser tool but all in vain. the user is imported successfully but it didnt work and i am getting the following message on the browser.
Forbidden Your client is not allowed to access the requested object.
Since you are using some rather old versions of the software, you are probably going to need to buckle down and work at learning how to operate it without a lot of help from official support channels. But of course that's why we're here!
The first thing I suggest you should do is get familiar with the command line tools ldapsearch and ldapmodify. You will also want to begin looking at the Directory server's access and error logs. These tools will give a much clearer indication of what's going wrong. As your OP stands, I can't really tell what it means for your migration not to have worked. How can you tell it didn't work?
first of all, as Chris already did before me, I've to warn that you're installing a VERY OLD software version (2005), which is definitely not encouraged. Moreover you may hit multiple bugs, get almost no official support and multiple advices to look for a newer product like 11.x (including me :D ).
But that said:
1. Which was the suffix/branch you exported from the old (source) machine?
2. How did you perform the export?
3. Did the root-suffix existed on the new (target) machine? (can you perform an ldapsearch of just that entry?)
4. How did you tried to import back the entries into the new machine? Connecting to the LDAP with which user?
There are big differences between Netscape 4 and Sun 5.2
You will absolutely NOT get away with exporting everything and importing.
There are big schema changes.
The ACI format is completely different.
I would suggest starting wit a clean DS5.2 install, and creating an empty DIT, just the suffix and enough of the OUs to enable you to take a FEW of the entries and try importing them.
Keep an eye on the access and error logs to see why they fail.
Fix them until they import cleanly -- then make the same changes to similar entries in your LDIF export.
Try importing a few more -- some will fail.
use the same approach -- find out why the import fails, fix them, apply the same changes to the rest.
Next, find out what ACIs the applications need and create those.
Its highly likely that some of the changes will break application search filters, they will need fixing.
If you have ever done this sort of thing before, you are in for some fun.
I would seriously suggest renting a consultant with the appropriate experience.
I would also suggest NOT using 5.2 for all the reasons stated above, and that you will have to move to a later version at some point.
Then you will have all the above fun again (but a lot easier this time around).
I did this years ago, I did as posted above, installed a clean version of DS5.2. Then I did a ldif dump of my iPlanet directory. Copied over the local schema file ( I think it was 99user.ldif), and, then a ldapadd of the dumped ldif file. Then went in and setup all the ACL's, indexes, etc. Obviously you will want to test this out a few times to make sure it gets everything you want.
I also suggest either moving to a currently supported version (either Oracles' or look at something else).